Beispiel #1
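        /// <summary>
        /// Signs <paramref name="doc"/> using <paramref name="certificate"/> and inserts the resulting
        /// signature element as the first child of the document element.
        /// </summary>
        /// <param name="doc">The document to sign. Its root element must carry a non-empty <c>ID</c> attribute.</param>
        /// <param name="certificate">The signing certificate; access to its private key is required.</param>
        /// <param name="signatureAlgorithm">The signature algorithm, passed through to <c>XmlSignatureUtils.GenericSign</c>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="doc"/> or <paramref name="certificate"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The certificate has no private key, the document has no root element, or the root element has no <c>ID</c>.
        /// </exception>
        private static void SignDocument(XmlDocument doc, X509Certificate2 certificate, AlgorithmType signatureAlgorithm)
        {
            if (doc == null)
            {
                throw new ArgumentNullException("doc");
            }

            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            if (!certificate.HasPrivateKey)
            {
                throw new InvalidOperationException("Private key access to the signing certificate is required.");
            }

            var root = doc.DocumentElement;
            if (root == null)
            {
                throw new InvalidOperationException("The document to sign has no root element.");
            }

            // XmlElement.GetAttribute returns an empty string when the attribute is absent. The ID is what
            // GenericSign receives to identify the signed element, so refuse to continue without one rather
            // than hand on an empty value.
            // NOTE(review): GenericSign is not shown here; presumably it builds the signature reference from this ID - confirm.
            var id = root.GetAttribute("ID");
            if (string.IsNullOrEmpty(id))
            {
                throw new InvalidOperationException("The element to sign must have a non-empty ID attribute.");
            }

            XmlSignatureUtils.GenericSign(doc, id, certificate, (appDoc, xmlElm) =>
            {
                // Place the computed signature as the first child of the document element.
                // NOTE(review): the previous comment spoke of a sibling of the Issuer element, which is not what
                // this code does; verify that first-child placement is what the target schema requires.
                appDoc.DocumentElement.InsertBefore(appDoc.ImportNode(xmlElm, true), appDoc.DocumentElement.FirstChild);
            }, signatureAlgorithm);
        }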
Beispiel #2
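        /// <summary>
        /// Signs the first assertion element found in <paramref name="assertionDocument"/> and inserts the
        /// signature element directly after the assertion's <c>Issuer</c> element.
        /// </summary>
        /// <param name="assertionDocument">The document holding the assertion to sign.</param>
        /// <param name="cert">The signing certificate, passed through to <c>XmlSignatureUtils.GenericSign</c>.</param>
        /// <param name="algorithmType">The signature algorithm, passed through to <c>XmlSignatureUtils.GenericSign</c>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="assertionDocument"/> or <paramref name="cert"/> is null.</exception>
        /// <exception cref="Saml20Exception">
        /// The document contains no assertion element, the assertion has no <c>ID</c>, or it does not contain
        /// exactly one <c>Issuer</c> element.
        /// </exception>
        private static void AddSignature(XmlDocument assertionDocument, X509Certificate2 cert, AlgorithmType algorithmType)
        {
            if (assertionDocument == null)
            {
                throw new ArgumentNullException("assertionDocument");
            }

            if (cert == null)
            {
                throw new ArgumentNullException("cert");
            }

            // XmlNodeList's indexer yields null when the list is empty, so a document without an assertion
            // previously ended in a NullReferenceException on the next line.
            var list = assertionDocument.GetElementsByTagName(Assertion.ElementName, Saml20Constants.Assertion);
            var el = list[0] as XmlElement;
            if (el == null)
            {
                throw new Saml20Exception("Document does not contain an <Assertion> element.");
            }

            // GetAttribute returns an empty string when the attribute is absent; the ID identifies the element
            // to sign, so an assertion without one is rejected instead of being passed on with an empty value.
            var id = el.GetAttribute("ID");
            if (string.IsNullOrEmpty(id))
            {
                throw new Saml20Exception("Assertion MUST have a non-empty ID attribute.");
            }

            XmlSignatureUtils.GenericSign(assertionDocument, id, cert, (doc, signedXml) =>
            {
                // Append the computed signature. The signature must be placed as the sibling of the Issuer element.
                // NOTE(review): GetElementsByTagName searches all descendants of the document element, while
                // InsertAfter below requires its reference node to be a direct child of that element. This
                // appears to assume the assertion is the document element - confirm against callers.
                var nodes = doc.DocumentElement.GetElementsByTagName("Issuer", Saml20Constants.Assertion);
                if (nodes.Count != 1)
                {
                    throw new Saml20Exception("Assertion MUST contain one <Issuer> element.");
                }

                // NOTE(review): the node is imported through assertionDocument but inserted into doc; presumably
                // GenericSign passes the same document back - confirm.
                doc.DocumentElement.InsertAfter(assertionDocument.ImportNode(signedXml, true), nodes[0]);
            }, algorithmType);
        }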